mirror of
https://github.com/silverstripe/silverstripe-cms
synced 2024-10-22 06:05:56 +00:00
BUGFIX Checking for SiteTree:: in SiteTree->getClassDropdown() (AIR-20)
This commit is contained in:
parent
922dd126c6
commit
4903fad537
@ -682,25 +682,21 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
||||
}
|
||||
|
||||
/**
|
||||
* This function should return true if the current user can add children
|
||||
* to this page. It can be overloaded to customise the security model for an
|
||||
* application.
|
||||
* This function should return true if the current user can execute this action.
|
||||
* It can be overloaded to customise the security model for an application.
|
||||
*
|
||||
* Returns true if the member is allowed to do the given action.
|
||||
* Slightly altered from parent behaviour in {@link DataObject->can()}:
|
||||
* - Checks for existence of a method named "can<$perm>()" on the object
|
||||
* - Calls decorators and only returns for FALSE "vetoes"
|
||||
* - Falls back to {@link Permission::check()}
|
||||
* - Does NOT check for many-many relations named "Can<$perm>"
|
||||
*
|
||||
* @uses DataExtension->can()
|
||||
*
|
||||
* If a page is set to inherit, but has no parent, it inherits from
|
||||
* {@link SiteConfig}
|
||||
* @uses DataObjectDecorator->can()
|
||||
*
|
||||
* @param string $perm The permission to be checked, such as 'View'.
|
||||
* @param Member $member The member whose permissions need checking.
|
||||
* Defaults to the currently logged in user.
|
||||
*
|
||||
* @return boolean True if the the member is allowed to do the given
|
||||
* action.
|
||||
*
|
||||
* @todo Check we get a endless recursion if we use parent::can()
|
||||
* Defaults to the currently logged in user.
|
||||
* @return boolean True if the the member is allowed to do the given action.
|
||||
*/
|
||||
function can($perm, $member = null) {
|
||||
if(!$member || !(is_a($member, 'Member')) || is_numeric($member)) {
|
||||
@ -709,7 +705,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
||||
|
||||
if($member && Permission::checkMember($member, "ADMIN")) return true;
|
||||
|
||||
if(method_exists($this, 'can' . ucfirst($perm))) {
|
||||
if(is_string($perm) && method_exists($this, 'can' . ucfirst($perm))) {
|
||||
$method = 'can' . ucfirst($perm);
|
||||
return $this->$method($member);
|
||||
}
|
||||
@ -717,7 +713,7 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
||||
$results = $this->extend('can', $member);
|
||||
if($results && is_array($results)) if(!min($results)) return false;
|
||||
|
||||
return true;
|
||||
return ($member && Permission::checkMember($member, $perm));
|
||||
}
|
||||
|
||||
|
||||
@ -2293,7 +2289,8 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
||||
/**
|
||||
* Get the class dropdown used in the CMS to change the class of a page.
|
||||
* This returns the list of options in the drop as a Map from class name
|
||||
* to text in dropdown.
|
||||
* to text in dropdown. Filters by {@link SiteTree->canCreate()},
|
||||
* as well as {@link SiteTree::$needs_permission}.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
@ -2307,6 +2304,10 @@ class SiteTree extends DataObject implements PermissionProvider,i18nEntityProvid
|
||||
$instance = singleton($class);
|
||||
if((($instance instanceof HiddenClass) || !$instance->canCreate()) && ($class != $this->class)) continue;
|
||||
|
||||
if($perms = $instance->stat('need_permission')) {
|
||||
if(!$this->can($perms)) continue;
|
||||
}
|
||||
|
||||
$pageTypeName = $instance->i18n_singular_name();
|
||||
|
||||
if($class == $this->class) {
|
||||
|
@ -825,6 +825,23 @@ class SiteTreeTest extends SapphireTest {
|
||||
$valid = $classCext->validate();
|
||||
$this->assertFalse($valid->valid(), "Doesnt allow child where only parent class is allowed on parent node, and asterisk prefixing is used");
|
||||
}
|
||||
|
||||
function testClassDropdown() {
|
||||
$sitetree = new SiteTree();
|
||||
$method = new ReflectionMethod($sitetree, 'getClassDropdown');
|
||||
$method->setAccessible(true);
|
||||
|
||||
Session::set("loggedInAs", null);
|
||||
$this->assertArrayNotHasKey('SiteTreeTest_ClassA', $method->invoke($sitetree));
|
||||
|
||||
$this->loginWithPermission('ADMIN');
|
||||
$this->assertArrayHasKey('SiteTreeTest_ClassA', $method->invoke($sitetree));
|
||||
|
||||
$this->loginWithPermission('CMS_ACCESS_CMSMain');
|
||||
$this->assertArrayHasKey('SiteTreeTest_ClassA', $method->invoke($sitetree));
|
||||
|
||||
Session::set("loggedInAs", null);
|
||||
}
|
||||
}
|
||||
|
||||
/**#@+
|
||||
|
Loading…
x
Reference in New Issue
Block a user